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Abstract For many algebraic codes the main part of decoding can be 
reduced to a shift register synthesis problem. In this paper we present an 
approach for solving generalised shift register problems over skew poly¬ 
nomial rings which occur in error and erasure decoding of ^-Interleaved 
Gabidulin codes. The algorithm is based on module minimisation and has 
time complexity 0(tp 2 ) where /i measures the size of the input problem. 
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1 Introduction 


Numerous recent publications have dealt with shaping the core of various de¬ 
coding algorithms for Reed-Solomon (RS) and other codes around F g [cc] module 
minimisation, lattice basis reduction or module Grobner basis computation: three 
computational concepts which all converge to the same in this instance. First for 
the Guruswami-Sudan list decoder 12»i5l 14 , then for Power decoding 1191 and 
also either type of decoder for Hermitian codes |2l] . 

The impact of this can be said to be two-fold: firstly, by factoring out coding 
theory from the core problem, we enable the immediate use of sophisticated 
algorithms developed by the computer algebra community such as [12 28 . Sec¬ 
ondly, the setup has proved very flexible and readily applicable in settings which 
were not envisioned to begin with, such as the aforementioned Power decoder for 
Hermitian codes, or recently for Power decoding of RS codes up to the Johnson 
bound [20]. 

The main goal of this paper is to extend the module minimisation description 
to skew polynomial rings and Gabidulin codes, in particular Interleaved Gabidulin 
codes, with the aim of enjoying similar benefits. Concretely, we lay a foundation 
by extending the core terms of weak Popov form and orthogonality defect, as 
well as extending the elegantly simple Mulders-Storjohann algorithm jl8] to 
matrices over skew polynomial rings. We analyse its complexity when applied 
to the shift register problem which arise when decoding Interleaved Gabidulin 
codes. Finally, we extend the Demand-Driven algorithm for F 9 [x] shift register 






problems 1191, which is derived from the Mulders-Storjohann, also to the skew 
polynomial setting. 

Gabidulin codes 17,10 23 are maximum rank distance codes with various 
applications like random linear network coding |13] [26| and cryptography m- 
They are the rank-metric analogue of RS codes. An Interleaved Gabidulin code 
(I7p5p6 is a direct sum of several (n, hi) Gabidulin codes: these can be decoded 
in a collaborative manner, improving the error-correction capability beyond the 
usual half the minimum rank distance of Gabidulin codes. Similar to Interleaved 
RS codes, see |24j and its references, the core task of decoding can be reduced 
to what is known as a multi-sequence skew-feedback shift register synthesis 


problem 25 


In this paper, we use the introduced module minimisation description to solve 
a more general form of this problem, which we abbreviate MgLSSR: 

Problem 1 (MgLSSR). Given skew polynomials Sj,g,; and non-negative integers 
7 i £ No for i = 1,..., t, find skew polynomials A, uq ,..., ujf, with A of minimal 
degree such that the following holds: 


A Si = 0 Ji mod gi 
degWi +% < degA + 70 


(1) 

( 2 ) 


The original problem of [25j set gi to powers of x and 7 ; = 0. The above is a 
natural generalisation, which covers error and erasure decoding of Gabidulin codes 
116j, as well as an Interleaved extension of the Gao-type decoder for Gabidulin 


codes ( 27 §3.2] combined with the ideas of [25]). For cases where the algorithm 
of |25| applies, the Demand-Driven algorithm we present has the same complexity. 
However, the more general perspective of module minimisation gives conceptually 
simpler proofs, and may prove useful for gaining further insights or faster, more 
sophisticated algorithms. 

Normal form computation of matrices over skew rings and Ore rings has been 
investigated before, e.g. 00 . but the focus has been over rings such as Z or 
K[z] for some field K , where coefficient growth is important to control. Since 
we are inspired mainly by the application to Gabidulin codes, where the skew 
ring is over a finite field, we count only operations performed in the field; in this 
measure those previous algorithms are much slower than what is presented here. 

We set basic notation in Section |2] Section [3] describes how to solve Problem |I] 
using module minimisation, and gives the Mulders-Storjohann algorithm for skew 
polynomial modules to accomplish this. We introduce important concepts for 
arguing about such modules in Section [4] for performing a complexity analysis. 
Section [5] describes how to then derive the faster Demand-Driven algorithm. Due 
to lack of space, a number of proofs are omitted. 


2 Notation and Remarks on Generality 

Let I\ be a field. Denote by 1Z = K[x\ 9 , <5] the noncommutative ring of skew poly¬ 
nomials over K with automorphism 9 and derivation S. Being an Ore extension, 
1Z is both a left and right Euclidean ring. See (22] for more details. 










For coding theory we usually take K as a finite field F = F g r for a prime power 
q and 6 as the Frobenius automorphism 9(a) = a q for a £ F g r-. Also, non-vanishing 
derivations <5 are usually not considered, a notable exception being |4]. The 
algorithms in this paper are correct for any field, automorphism and derivation. 
For complexities, we are counting field operations, and we often assume (5 = 0. 

By a = b mod c we denote the right modulo operation in 7 Z, i.e., that there 
exists d £ TZ such that a = b + dc. By “modules” we will mean left TUmodules. 
We extensively deal with vectors and matrices over TZ. Matrices are named by 
capital letters (e.g. V). The ith row of V is denoted by v, and the jth element 
of a vector v is Vj. Vij is the (*, j)th entry of a matrix V. Indices start at 0. 

— The degree of a vector v is degu := maxjjdegUi} (and degO = — oo) and 
the degree of a matrix V is degU := JT{deg Vi}. 

— The max-degree of V is maxdegU := maxijdegUi} = maxjjjdegVy}. 

— The leading position of a vector v is LP(u) := max{i : degUj = degu}. 
Furthermore LT(v) := v LP („) and LC(t>) is the leading coefficient of LT(u). 

3 Finding a Solution using Module Minimisation 

In the sequel we consider a particular instance of Problem [T] so TZ, t £ N, 
and S{, gi £ TZ, 7 * £ No for i = 1, are arbitrary but fixed. We assume 
deg Si < deg^i for all i since taking Si := Si mod g t yields the same solutions. 
Denote by A4 the set of all vectors v £ TZ e+1 satisfying ([lj, i.e., 

M := {(A, wi,... ,ue) £ TZ e+1 \ Xsi = uii mod gi Vi = 1,... ,£}. (3) 

Lemma 1. At with component-wise addition and left multiplication by elements 
of TZ forms a left module over TZ. The rows of M form a basis of A4: 

/I si s 2 ... sA 

0 g -\ 0 ... 0 
M = 0 0 (72 • ■ ■ 0 

\0 0 0 ... gt) 

The above gives a simple description of all solutions of the congruence relations 
(|T|). To solve Problem JT| we therefore need an element in the At which satisfies 
the degree condition (pi) and has minimal degree. For this purpose, define 

<P : TZ t+1 —► TZ t+l , u = (uq, ..., ut) (uqX 10 ,..., U(,x 11 ). (4) 

We can extend the domain of <T> to matrices over TZ by applying it row-wise. 
It is easy to see that <P(A4) is also a left 7?.-module and that is a module 
isomorphism. Using this notation, we can restate how to solve Problem [T| 

Lemma 2. A vector v £ At* is a solution to Problem^if and only if LP(<P(v)) = 
0 and for all u £ At* with LP(<P(u)) = 0 it holds that deg<?(w) < deg d>(u). 




Proof: v £ Ai* is a solution to Problem [T] iff it satisfies ([2]) and vg has 
minimum possible degree. That v satisfies Q means deguo +70 > degUi+ 7 i and 
so deg(uo® To ) > deg(uja; 7i ) i.e. LP(<£(?;)) = 0. The reverse direction is similar. ■ 
So we should find a vector v £ <P(A4) with minimum-degree leading term 
among vectors with leading position zero. We do this by finding a basis of 4>(A4) 
of a specific form. This extends similar ideas for matrices over K[x] |l8]|T9 . 

Definition 1. A matrix V overlZ is in weak Popov form if the leading positions 
of all its non-zero rows are different. 

The following value function for 7Z vectors will prove useful: ip : —> No, 

if>(v) = [I + 1) degv + LP(u) + 1 for v 7 ^ 0 and if(0) = 0. 

Lemma 3. Let V be a matrix in weak Popov form whose rows are a basis of a 
left TZ-module V. Then every u € V* satisfies deg it > degv, where v is the row 
ofV with LP(v) = LP(it). 

Proof: Let u G V*, and so 3ao,..., at € TZ s.t. u = Yli=o a i v i- The m, all 
have different leading position, so the aji 7 must as well for those ai 7 ^ 0 , which in 
turn means that the their if{aivf) are all different. Notice that for any two Ui, it 2 
with ip(ui) 7 ^ ip(uf), then ip(ui + uf) either equals ip(ui) or ip(u 2 ). Applied 
inductively, that implies that there is an i such that ip(u) = ip(aiVi ), which gives 
LP(it) = LP(i>i) and degn = dega^ +degUj. ■ 

Lemma [2] and Lemma [3] imply that a basis of Ai in weak Popov form gives 
a solution to Problem [l] as one of its rows. The following definition leads to 
a remarkably simple algorithm for computing such a basis: Algorithm [T] an 7 Z 
variant of the Mulders-Storjohann algorithm [18], originally described for K[x]. 

Definition 2. Applying a simple transformation on a matrix V means finding 
non-zero rows Vi^Vj, i 7 ^ j such that LP(i 7 ) = LP(t>j) and deg 17 < deg Vj, and 
replace Vj by Vj —ax^Vi, where (3 = deg Vj —degVi and a = hC(yj)/9^{LG{vi)). 

Remark 1. Note that a simple transformations cancels the leading term of the 
polynomial LT(u :/ ). Also elementary row operations keep the module spanned by 
the matrix’ rows unchanged, see e.g. [3], so the same is true for any sequence of 
simple transformations. 

Lemma 4. If v' replaces v in a simple transformation, then ip(v') < ip{v). 

Proof: The operations used in a simple transformation ensure that deg v' < 
deg v. If deg v' < deg v, we are done because LP(i/) < I + 1. If degi/ = degv, 
then LP(u') < LP(v): by the definition of the leading position, all terms to the 
right ofLP(w) in v and ax^v t , and therefore also in v' , have degree less than degu. 
Furthermore degu^p^) < degv by the definition of a simple transformation. ■ 

Algorithm 1 Mulders-Storjohann for 7 Z matrices 

Input: A square matrix V over TZ, whose rows span the module V 

Output: A basis of V in weak Popov form. 

1 Apply simple transformations on the rows of V until no longer possible. 

2 return V. 





Theorem 1. Algorithm [7] is correct. 

Proof: By Lemma [4] the value of one row of V decreases for each simple 
transformation. The sum of the values of the rows must at all times be non¬ 
negative so the algorithm must terminate. Finally, when the algorithm terminates 
there are no simple transformations possible on V anymore, i.e. there are no i ^ j 
such that LP(i^) = LP(u J ). That is to say, V is in weak Popov form. ■ 

This gives an algorithm to solve Problem [l] The above proof could also easily 
lead to a rough complexity estimate. To obtain a more fine-grained one, we will 
in the next section restrict ourselves to matrices which are square and full rank. 

4 Complexity Analysis 

Lenstra 115] introduced the notion of orthogonality defect of square, full rank 
K[x\ matrices, and in 1191, it was shown it can describe the complexity of the 
Mulders-Storjohann and Alekhnovich ||2] algorithms for such matrices more fine¬ 
grained than originally, and that this improves the asymptotic estimate when the 
input comes from shift register problems. The same concept cannot immediately 
be carried over to 7 Z matrices, since it is defined using the determinant. For 
noncommutative rings, there are no functions behaving exactly like the classical 
determinant, but the Dieudonne determinant |8] shares sufficiently many prop¬ 
erties with it for our use. Simply defining this determinant requires us to pass 
to the field of fractions of 7Z. 

4.1 Dieudonne Determinant and Orthogonality Defect 

The following algebra is standard for noncommutative rings, so we will go through 
it quickly; more details can be found in |6| Chapter 1], We know that 7Z is a 
principal left ideal domain which implies that it is left Ore and therefore has 
a unique left field of fractions Q = {s -1 r : r £ TZ, s £ 7Z*}/(~), where ~ is 
the congruence relation s~ 1 r ~ s 1 r / if 3u,u' £ TZ* such that ur = u'r' and 
us = u's'. The degree map on 7 Z can be naturally extended to Q by defining 

deg: Q— >ZU{-oo}, s _1 r i-)-deg r — deg s. 

Let [Q*, Q*\ be the commutator of Q*, i.e. the multiplicative group generated 
by {a~ 1 b~ 1 ab : a, b £ Q*}. Then Q ab = Q*/[Q*, Q*) is an abelian group called 
the multiplicative abelianization of Q*. There is a canonical homomorphism 

0:Q*^Q ab , x^x-[Q*,Q*}. 

Since the elements ( a~ 1 b~ 1 ab ) £ [Q*, Q *] have degree deg(a _1 6 _1 a6) = deg(a&) — 
deg(6a) = 0, we can pass deg through <fi in a well-defined manner: deg <f>{x) = 
deg a: for all x £ Q*. The following lemma was proved by Dieudonne [8j and can 
also be found in |[9|. 

Lemma 5. There is a function det : Q nxn —» Q ab s.t. for all A £ Q nxn j k £ Q: 


(i) det I = 1, where I is the identity matrix in Q nxn , 

(ii) If A' is obtained from A by an elementary row operation, then det A' = det A. 
(in) If A 1 is obtained from A by multiplying a row with k, then det A' = (j){k) det A. 

Definition 3. A function det with the properties of Lemma^is called a Dieudonne 
determinant. 


Note that contrary to the classical determinant, a Dieudonne determinant 
is generally not unique. For the remainder of the paper, consider det to be any 
given Dieudonne determinant. 

Lemma 6. Let A € Q nxn be in triangular form with non-zero diagonal elements 
d 0 , ■ ■ ■, d n - 1 . Then det A = H'Co 1 

Proof: Since di ^ 0 for all i, we can multiply the ith row of A by df 1 and 
get a unipotent triangular matrix A'. Any unipotent triangular matrix can be 
obtained by elementary row operations from the identity matrix I. Thus 


det A ^ 


'n— 1 


n 


2=0 


det A' W 


‘n— 1 


n di ) 


2 = 0 


Lemma n— 1 

2=0 


Clearly, the notion of weak Popov form generalises readily to matrices over Q. 
We will now examine how this notion interacts with the Dieudonne determinant 
and introduce the concept of orthogonality defect. The statements in this section 
are all Q variants of the corresponding statements for K[x\ matrices, see (T9 . 

Definition 4. The orthogonality defect of V is A(V) := degF — deg det V. 

Lemma 7. IfVG GL n (Q) is in weak Popov form, then A(V) = 0. 

proof sketch: We can assume that LP(uj) = i for all i because if not, 
we can change the order of the rows of V and obtain a matrix with the same 
determinant and degree. We can then apply elementary row operations to bring 
the matrix to upper triangular form. After these row operations, the property 
LP (vi) = i is preserved and degvu is equal to deg vu of the start matrix for all i. 
By Lemma [6] the degree of the determinant equals the sum of the degree of the 
diagonal elements, and hence deg V = deg det V. ■ 


4.2 Complexity of Mulders Storjohann 

We can now bound the complexity of Algorithm using arguments similar to 
those in |19| . These are in turn, the original arguments of [18 but finer grained 
by using the orthogonality defect. In the following, let p := max^lyj + degg;}. 
We can assume that < p since otherwise (1, s i,..., sf) is the minimal solution 
to the MgLSSR. 


Lemma 8. A{d>{AI)) < p — 7 0 . 






Theorem 2. OverlZ with derivation zero, Algorithm^ with input matrix d>(M) 
performs at most (£+l)(/a — 70+ 1 ) simple transformations and performs 0((. 2 p 2 ) 
operations over K. 

Proof: Every simple transformation reduces the value if of one row with 
at least 1. So the number of possible simple transformations is upper bounded 
by the difference of the sums of the values of the input matrix <P(M) and the 
output matrix V, i.e.: 

ELo[(^+ 1 ) de g <? ( Tn *)+ LP ( <? ( rn *))“((^+ 1 ) de g^( t ’i)+ LP ( t ’i))] 

= LP(0(m o )) + (^+l)Ei=o[ de S^( mi ) ~ de § v i\ 

< (M-l)[deg«P(M)-degV+l] = (M- 1 )[A($(M)) + 1 ], 

where the last equality follows from deg V = deg det V = deg det M. 

One simple transformation consists of calculating Vj — ax^Vi, so for every 
coefficient in v-i, we must apply , multiply by a and then add it to a coefficient 
in Vj, each being in 0(1). Since deg Vj < g this costs 0{ip). ■ 

5 Demand-Driven Algorithm 

It was observed in ||19|j that the Mulders-Storjohann algorithm over K[x\ admits 
a “demand-driven” variant when applied to matrices coming from shift register 
problems, where coefficients of the working matrix are computed only when they 
are needed. This means a much lower memory requirement, as well as a better 
complexity under certain conditions. Over TZ, Algorithm |T] admits exactly the 
same speedup; in fact, both the algorithm and the proof are almost line-for-line 
the same for TZ as for K[x]. We therefore focus on the idea of the algorithm, and 
the original proofs can be found in [19] (extended version). 

The central observation is that due to the special form of M of Lemma [lj only 
the first column is needed during the Mulders-Storjohann algorithm in order to 
construct the rest. That is formalised in the following lemma: 

Lemma 9. Consider Algorithm^ 7] with input d>(M). Consider a variant where, 
when replacing Vj with v'j in a simple transformation, instead replace it with 
Vj = (vj 0 ,Vj 1 mod < 71 ,. ..,v'jg mod gt). This does not change correctness of the 
algorithm or the upper bound on the number of simple transformations performed. 

The Demand-Driven algorithm, Algorithm [2] therefore calculates just the 
first element of a vector whenever doing a simple transformation, being essentially 
enough information. To retain speed it is important, however, that the algorithm 
can also figure out which simple transformation it can next apply, without having 
to recompute the whole matrix. For this, we cache for each row its degree gj and 
the leading coefficient of its leading position aj. The following observations then 
lead to Algorithm [2j 

1. In d>{M) there is at most one possible choice of the first simple transformation, 
due to the matrix’ shape. This is true throughout the algorithm, making it 
deterministic. 


Algorithm 2 Demand-Driven algorithm for MgLSSR 
Input: 5 j <— Sijx^ , gj <— gjX 1 * for j = 1 

Output: The first column of a basis of A 4 whose image is in weak Popov form. 

1 (rj, h) <- (deg, LP) of (a; 70 , si,. ..,s a ) 

2 if h = 0 then return (1,0,..., 0) 

3 (A 0 ,...,Ar) «- (a: 70 ,0, •.. ,0) 

4 ajX rlj <— the leading monomial of gj for j = 1 ,... ,£ 

5 while degAo < rj do 

6 a i — coefficient to x v in (\o§h mod g /,) 

7 if a 7^ 0 then 

8 if tj < tj h then swap (A0,0,77) and (A h ,a h ,g h ) 

9 A 0 4 - A 0 — a/ 9 (, a h )x n - r,h \ h 

10 (rj , h) (tj, h — 1) if h > 1 else (77 — 1, f) 

11 return (Aox - ’ 70 ,..., Xex~ vo ) 


2. To begin with, if there is a possible simple transformation, row 0 is involved. 
Just before doing a simple transformation, we possibly swap the two rows 
involved such that the row changed is always row 0. That means row 0 is 
always involved if there is a possible simple transformation, and that the 
algorithm terminates when row 0 has leading position 0. 

3. To begin with row i has leading position i for i > 0. The above swap ensures 
that this will keep being true. 

4. After doing a simple transformation, we need to update the degree, leading 
position and leading coefficient of only row 0; the rest remains unchanged. 
We do this by going through each possible degree and leading position in 
decreasing order of value ip. This is correct since we know that the simple 
transformation must decrease the value of row 0. 

To express the complexity, by supp(/),/ G 1Z, we mean the set of degrees 
such that / has a non-zero coefficient for this degree. By deg 2 / we mean the 
degree of the second largest coefficient. Let again /x := max, {~f l + degg.;}. 

Theorem 3. Algorithm^ is correct. Over 1Z with derivation zero, it has com¬ 
putational complexity 0(£p 2 3 4 p), where 

f max, {#supp (<?,)} if deg 2 gi<\ deggi for all i 
^ \ p otherwise 

It has memory complexity 0{lp). 

proof sketch: We only prove the complexity statement. Clearly, all steps 
of the algorithm are essentially free except Line [6] and Line [9] Observe that every 
iteration of the while-loop decrease an estimate on the value of row 0, whether 
we enter the if-branch in Line [7] or not. So by the arguments of the proof of 
Theorem [2] the loop will iterate at most 0(£p) times. Each execution of Line [9] 
costs O(p) since the A j all have degree at most /i. 






For Line[6j we can compute the needed coefficient a in complexity 0(/ip): if 
deg 2 3ft, > | deg gh, we simply compute the entire polynomial Ao §h mod gh in 
time 0(p 2 ). Otherwise, an easy argument shows that at most #supp(g/ 1 ) + 1 
coefficients of A jSh affects the computation of a. Each of these can be computed 
by convolution in time 0(/i). ■ 

For generic gi, Algorithms will have complexity 0(£p 3 ) which is usually worse 
than 0(l 2 g 2 ) of Algorithm [l] However, for decoding of Interleaved Gabidulin 
codes, two important cases are gt = x k (syndrome decoding 125]) and gi = x q — 1 
(Gao-type decoding [27 §3.2]), and here Algorithm [ 2 ] runs in complexity 0(lg 2 ). 


Remark 2. Algorithm [2] bears a striking similarity to the Berlekamp-Massey 
variant for multiple shift registers 25 where all gi are powers of x , and has the 
same running time in this case. However, using the language of modules, we obtain 
a more general algorithm with a conceptually simpler proof, and we can much 
more readily realise algebraic properties of the algorithm. For instance, using 
known properties for the weak Popov form, it is trivial to prove that Algorithm [2] 
can be modified to return a basis for all solutions to the shift register problem, 
as well as decompose any given solution as an 7?.-linear combination of this basis. 


6 Conclusion 

In this paper, we have given two module-based methods for solving generalised 
shift register problems over skew polynomial rings. For ordinary polynomial rings, 
module minimisation has proven a useful strategy for obtaining numerous flexible, 
efficient while conceptually simple decoding algorithms for Reed-Solomon and 
other code families. Our results introduce the methodology and tools aimed at 
bringing similar benefits to Gabidulin, Interleaved Gabidulin and other skew 
polynomial-based codes. 
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